git.baikalelectronics.ru Git - kernel.git/commit

author	Willem de Bruijn <willemb@google.com>
	Tue, 15 Feb 2022 16:00:37 +0000 (11:00 -0500)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 17 Feb 2022 04:37:47 +0000 (20:37 -0800)
commit	0d1950e56ba5406aab5139003f676803ae846e7f
tree	c0f0433207298092afc8b14516af5e140237f816	tree \| snapshot
parent	5658ca0c72c1a7690a0f991da2f14a669feb4584	commit \| diff

ipv6: per-netns exclusive flowlabel checks

Ipv6 flowlabels historically require a reservation before use.
Optionally in exclusive mode (e.g., user-private).

Commit 3bba6acb6d03 ("ipv6: elide flowlabel check if no exclusive
leases exist") introduced a fastpath that avoids this check when no
exclusive leases exist in the system, and thus any flowlabel use
will be granted.

That allows skipping the control operation to reserve a flowlabel
entirely. Though with a warning if the fast path fails:

  This is an optimization. Robust applications still have to revert to
  requesting leases if the fast path fails due to an exclusive lease.

Still, this is subtle. Better isolate network namespaces from each
other. Flowlabels are per-netns. Also record per-netns whether
exclusive leases are in use. Then behavior does not change based on
activity in other netns.

Changes
  v2
    - wrap in IS_ENABLED(CONFIG_IPV6) to avoid breakage if disabled

Fixes: 3bba6acb6d03 ("ipv6: elide flowlabel check if no exclusive leases exist")
Link: https://lore.kernel.org/netdev/MWHPR2201MB1072BCCCFCE779E4094837ACD0329@MWHPR2201MB1072.namprd22.prod.outlook.com/
Reported-by: Congyu Liu <liu3101@purdue.edu>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Tested-by: Congyu Liu <liu3101@purdue.edu>
Link: https://lore.kernel.org/r/20220215160037.1976072-1-willemdebruijn.kernel@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

include/net/ipv6.h		diff \| blob \| history
include/net/netns/ipv6.h		diff \| blob \| history
net/ipv6/ip6_flowlabel.c		diff \| blob \| history